Sanjeev,

Option #1 (recommended): Set up HSRP on the 2 2500 routers and point the
default route for the PIX to the HSRP IP address.  Set up BGP peering on each
2500 so that the routers peer with each respective provider and each other.

Caveats: The max RAM on a 2500 series router is 16MB; this is certainly not
enough to take full Internet routes from one peer, much less from multiple
peers.  You may be able to have your providers send you a set of routes
containing only their directly connected customers and a default route.

Depending on the provider, this may still be too many routes to hold in 16MB
of RAM.  If so, you will be stuck with simply receiving a default route from
each provider.  In this scenario, all traffic leaving your site will exit
from the primary HSRP router, although it may return via the backup HSRP
router.

The 2500 series routers are really not a good choice for the scenario you
are describing.  If you want load-sharing of any type, you'll need routers
that will take more RAM to hold full BGP route tables.  At least a 2600
(64MB) or, preferably, a 3640 (128MB).

Option #2: Take full BGP routes from the providers as described in option #1
(with the caveat that you'll have to upgrade your routers) and then
redistribute your BGP routes into RIP and send the RIP routes to the PIX.

Caveats: Generally speaking, redistributing BGP routes into an IGP is not
considered to be a good idea.  The advantage of this approach is that
provided the PIX has enough memory for all of these routes, it will know
specifically which router it needs to go to for each destination on the
Internet.

I've never seen this done, and I only mention it for the sake of
completeness.  If it were my network, I would not do this, although it is
theoretically possible and should work.  I think some variation of option #1
is the much preferred way to go.

Please keep in mind my comments about the amount of RAM required for your
routers.  If you tell your provider to send you full BGP routes to your 2500
and your router crashes and your network is down, don't blame me. ;-)

HTH,
Kent
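
Added example, not part of Kent's reply: a minimal sketch of Option #1 in the default-route-only case, for two IOS routers and the PIX. All addresses (RFC 5737 documentation ranges), AS numbers, the HSRP group number, the prefix-list name and the PIX interface name "outside" are constructed assumptions.

```cisco
! Constructed values: 192.0.2.0/29 is the segment shared by the PIX outside
! interface and both routers; AS 64512 is the site, AS 64496 and AS 64497
! are the two providers. Announcing the site's own prefix is omitted.

! --- Router A: primary HSRP router, peers with provider 1 ---
interface Ethernet0
 ip address 192.0.2.2 255.255.255.248
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 ! Drop priority to 90 (below B's default 100) if the provider link fails
 standby 1 track Serial0 20
!
router bgp 64512
 neighbor 198.51.100.1 remote-as 64496
 ! Accept only a default route so the table fits in 16MB
 neighbor 198.51.100.1 prefix-list DEFAULT-ONLY in
 ! iBGP session to Router B
 neighbor 192.0.2.3 remote-as 64512
 neighbor 192.0.2.3 next-hop-self
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0

! --- Router B: backup HSRP router, peers with provider 2 ---
interface Ethernet0
 ip address 192.0.2.3 255.255.255.248
 standby 1 ip 192.0.2.1
 standby 1 preempt
!
router bgp 64512
 neighbor 203.0.113.1 remote-as 64497
 neighbor 203.0.113.1 prefix-list DEFAULT-ONLY in
 ! iBGP session to Router A
 neighbor 192.0.2.2 remote-as 64512
 neighbor 192.0.2.2 next-hop-self
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0

! --- PIX: default route points at the HSRP virtual address ---
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
```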



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 21, 2001 3:17 AM
To: [EMAIL PROTECTED]
Subject: PIX Firewall [7:9295]


Dear All,

I have a PIX-515UR with 3 10/100 Ethernet ports, and I have 2 ISPs which are
connected to 2 different 2500 series routers. Can I terminate the RJ-45
interfaces from the routers on the PIX Firewall? How will the PIX decide which
router the packets are to be sent to?
Please Help.
Thanks in advance
Sanjeev Tyagi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9394&t=9295